filename55caaa4d757205e353bc4f9f19080ae1
size138052 (0x21b44)
md555caaa4d757205e353bc4f9f19080ae1
typePE32 executable (GUI) Intel 80386, for MS Windows
mimetypeapplication/x-dosexec
clamavOK
virustotal→ scan with virustotal.com
histogram

MZ Header

signatureMZ
bytes_in_last_block0x90
blocks_in_file3
num_relocs0
header_paragraphs4
min_extra_paragraphs0
max_extra_paragraphs0xffff
ss0
sp0xb8
checksum0
ip0
cs0
reloc_table_offset0x40
overlay_number0
reserved00
oem_id0
oem_info0
reserved20
reserved30
reserved40
reserved50
reserved60
lfanew0x40

PE Header

SignaturePE
Machine0x14c
NumberOfSections0xf
TimeDateStamp0x5850bebb
PointerToSymbolTable0
NumberOfSymbols0
SizeOfOptionalHeader0xe0
Characteristics0x123
Magic0x10b
LinkerVersion19.2
SizeOfCode0xba00
SizeOfInitializedData0
SizeOfUninitializedData0
AddressOfEntryPoint0xc7a0
BaseOfCode0x1000
BaseOfData0xd000
ImageBase0x400000
SectionAlignment0x1000
FileAlignment0x200
OperatingSystemVersion2.1
ImageVersion0.0
SubsystemVersion5.0
Reserved10
SizeOfImage0x2f000
SizeOfHeaders0x600
CheckSum0xffffffff
Subsystem2
DllCharacteristics0x40
SizeOfStackReserve0x100000
SizeOfStackCommit0x1000
SizeOfHeapReserve0x100000
SizeOfHeapCommit0x1000
LoaderFlags0
NumberOfRvaAndSizes0x10

Sections

namevavsizeraw sizeflags
.text0x10000xb95e0xba00R-X CODE SHARED
.rdata0xd0000xa600xc00R-- IDATA
.data0xe0000x5a100x2a00RW- IDATA
0R0x140000x238a0x2400RW- IDATA
NwqkA_+r0x170000x23b00x2400RW- IDATA
.wiSr9e0x1a0000x22ae0x2400RW- IDATA
=}0x1d0000x232c0x2400RW- IDATA
.crt0x200000x23320x2400RW- IDATA
|wh)0x230000x26960x2400RW- IDATA
x%0x260000x23b60x2400RW- IDATA
3I0x290000x1a5f0x1c00RW- IDATA
.tls0x2b00090x200RW- IDATA
.CRT0x2c0000xa050x200R-- IDATA
.rsrc0x2d0000x10000x800R-- IDATA
.reloc0x2e0000x10000x144R-- IDATA DISCARDABLE

Data Directory

typevasize
EXPORT03
IMPORT0xd6ec0x65
RESOURCE0x2d0000x726
EXCEPTION00
SECURITY00
BASERELOC0x2e0000x144
DEBUG00
ARCHITECTURE00
GLOBALPTR00x1000
TLS0xd6d40x18
LOAD_CONFIG00
Bound_IAT00
IAT0xd0000x8c
Delay_IAT00
CLR_Header00

TLS

raw
start		raw
end		indexcallbkszero
fill		flags
0x42b0000x42b0080x413a0c0x42c00400
typenamesizecp
VERSION#19200
MANIFEST#27500
module_namehintordfunction_name
OLEAUT32.dll112
msvcrt.dll1234iswspace
msvcrt.dll825_snwprintf
KERNEL32.dll455GetTempFileNameW
KERNEL32.dll271GetComputerNameExW
KERNEL32.dll57ConnectNamedPipe
KERNEL32.dll818SetUnhandledExceptionFilter
KERNEL32.dll920WriteProfileStringW
KERNEL32.dll917WriteProfileSectionA
KERNEL32.dll724SetComputerNameA
KERNEL32.dll780SetFirmwareEnvironmentVariableA
KERNEL32.dll894WideCharToMultiByte
KERNEL32.dll30BeginUpdateResourceW
KERNEL32.dll432GetStringTypeExA
KERNEL32.dll646Process32Next
KERNEL32.dll37CallNamedPipeW
KERNEL32.dll634OpenWaitableTimerW
KERNEL32.dll696ReplaceFileA
KERNEL32.dll947lstrlenA
KERNEL32.dll908WriteFileEx
KERNEL32.dll255GetCPInfoExW
KERNEL32.dll434GetStringTypeW
KERNEL32.dll848TransactNamedPipe
KERNEL32.dll266GetCommandLineW
KERNEL32.dll203FindAtomW
KERNEL32.dll376GetModuleHandleW
KERNEL32.dll577LoadLibraryA
KERNEL32.dll272GetComputerNameW
CLUSAPI.dll72GetClusterInformation
CLUSAPI.dll40ClusterRegOpenKey
CLUSAPI.dll41ClusterRegQueryInfoKey

StringTable 040904B0

CompanyNameMicrosoft Corporation
FileDescriptionCOM+ Explorer UI
FileVersion2001.12.10530.17415 (winblue_r4.141028-1500)
InternalNameCOMUID.DLL
LegalCopyright© Microsoft Corporation. All rights reserved.
OriginalFilenameCOMUID.DLL
ProductNameMicrosoft® Windows® Operating System
ProductVersion6.3.9600.17415

VS_FIXEDFILEINFO

FileVersion2001.12.10530.17415
ProductVersion6.3.9600.17415
StrucVersion0x10000
FileFlagsMask0x3f
FileFlags0
FileOS0x40004
FileType2
FileSubtype0
offsetsizetypecomment
0138052EXE12/14/2016 03:38:35#
15c115HTM#
offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable







[?] can't find file_offset of VA 0x13a0c
[?] can't find file_offset of VA 0x0